
/*
 * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/time.h>

#include <string.h>
#include <stdlib.h>
#include <stdarg.h>

#ifndef HAVE_ARC4RANDOM

#include <openssl/rand.h>
#include <openssl/rc4.h>
#include <openssl/err.h>

#include "arc4random.h"

/* Size of key to use */
#define SEED_SIZE 20

/* Number of bytes to reseed after */
#define REKEY_BYTES (1 << 24)

static int rc4_ready = 0;
static RC4_KEY rc4;

unsigned int
arc4random(void)
{
    unsigned int r = 0;

    if (rc4_ready <= 0) {
        arc4random_stir();
    }

    RC4(&rc4, sizeof(r), (unsigned char *) &r, (unsigned char *) &r);

    rc4_ready -= sizeof(r);

    return (r);
}

void
arc4random_stir(void)
{
    unsigned char rand_buf[SEED_SIZE];
    int i;

    memset(&rc4, 0, sizeof(rc4));
    if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) {
    }
    RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);

    /*
     * Discard early keystream, as per recommendations in:
     * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
     */
    for (i = 0; i <= 256; i += sizeof(rand_buf))
        RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);

    memset(rand_buf, 0, sizeof(rand_buf));

    rc4_ready = REKEY_BYTES;
}
#endif                          /* !HAVE_ARC4RANDOM */

#ifndef HAVE_ARC4RANDOM_BUF
void
arc4random_buf(void *_buf, size_t n)
{
    size_t i;
    uint32_t r = 0;
    char *buf = (char *) _buf;

    for (i = 0; i < n; i++) {
        if (i % 4 == 0)
            r = arc4random();
        buf[i] = r & 0xff;
        r >>= 8;
    }
    i = r = 0;
}
#endif                          /* !HAVE_ARC4RANDOM_BUF */

#ifndef HAVE_ARC4RANDOM_UNIFORM

/*
 * Calculate a uniformly distributed random number less than upper_bound
 * avoiding "modulo bias".
 *
 * Uniformity is achieved by generating new random numbers until the one
 * returned is outside the range [0, 2**32 % upper_bound).  This
 * guarantees the selected random number will be inside
 * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
 * after reduction modulo upper_bound.
 */
uint32_t
arc4random_uniform(uint32_t upper_bound)
{
    uint32_t r, min;

    if (upper_bound < 2)
        return 0;

#if (ULONG_MAX > 0xffffffffUL)
    min = 0x100000000UL % upper_bound;
#else
    /*
       Calculate (2**32 % upper_bound) avoiding 64-bit math 
     */
    if (upper_bound > 0x80000000)
        min = 1 + ~upper_bound; /* 2**32 - upper_bound */
    else {
        /*
           (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 
         */
        min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
    }
#endif

    /*
     * This could theoretically loop forever but each retry has
     * p > 0.5 (worst case, usually far better) of selecting a
     * number inside the range we need, so it should rarely need
     * to re-roll.
     */
    for (;;) {
        r = arc4random();
        if (r >= min)
            break;
    }

    return r % upper_bound;
}
#endif                          /* !HAVE_ARC4RANDOM_UNIFORM */
